IT Security

Lenovo have urged all affected users to update to the latest patch to resolve this issue. The issue lies in the Fingerprint Manager Pro application, which is installed by default on Lenovo devices with a built-in fingerprint scanner.

The application uses a weak encryption algorithm with a hardcoded password. This hardcoded password, created by Lenovo, can be accessed by any user with local non-administrative access, such as a guest user, and can be retrieved to unlock the passwords and fingerprint data stored on the device.

An attacker can then use the information gathered to log in as any user that has used the Fingerprint Manager Pro application for logging in.

Who is affected?

Anyone with a Lenovo laptop of one of these models that has the Lenovo Fingerprint Manager Pro software installed at a version lower than 8.01.87: